Unaffected:
* If you downloaded the non-SSL version for Windows
* Unreal3.2.10.4-SSL-fix (version shown by installer)
* Unreal3.4-alpha1-fix (version shown by installer)

==[ *NIX USERS ]==
On Linux, FreeBSD, and other *NIX systems UnrealIRCd will use the system installed OpenSSL version. So:
1. Follow the instructions of your vendor / distro to upgrade OpenSSL
2. Optionally recompile UnrealIRCd (make clean; make && make install). This is often not needed, but is sometimes necessary. If you do this, then also recompile any 3rd party modules you use.
3. Restart UnrealIRCd so it actually uses the upgraded OpenSSL version
4. That's it

==[ HOW TO CHECK IF YOU ARE VULNERABLE ]==
On IRC, as an IRCOp (not a regular user!!), type '/VERSION' or '/QUOTE VERSION'. If you have OpenSSL support compiled in you will see this:
[18:40:06] -server.test.net- OpenSSL 1.0.1m 19 Mar 2015

Version 1.0.1m means you're good.

If you see anything lower than 1.0.1m, such as "1.0.1h" then you are possibly vulnerable, see next section.

If you see no such line at all, and again.. you are sure you are IRCOp, then it means the server does not have SSL support (no OpenSSL in use). You're safe.

TIP: You can also check remote servers, again only if you are IRCOp, by '/VERSION remote.server.name' or '/QUOTE VERSION remote.server'

==[ FIXED VERSIONS ]==
New Windows SSL versions are available from https://www.unrealircd.org/
The installers have a filename like 'Unreal3.2.10.4-SSL-fix.exe' and 'Unreal3.4-alpha1-fix.exe'
After installation, you see no change in UnrealIRCd version number. This is because no code in UnrealIRCd was actually changed.
You can, however, verify the OpenSSL version, see previous block 'HOW TO CHECK IF YOU ARE VULNERABLE'.

On *NIX (Linux, FreeBSD, ..)? See the block '*NIX USERS' about 40 lines up. Did you already follow these instructions and you still see an old version in use? Even after you restarted UnrealIRCd? On several Linux distro's this is pretty common as vendors routinely backport security fixes without bumping the version number. So if you are on Linux, then after you followed the 4 steps mentioned in '*NIX USERS' then you more or less have to trust your vendor (and yourself).

==[ ADDITIONAL NOTES ]==
If you are running an UnrealIRCd server with SSL support (OpenSSL) and the OpenSSL version is vulnerable. Then if at least one port is reachable for the attacker it can be attacked. It doesn't matter if this is an SSL or non-SSL port and whether you have restrictive allow { } blocks or not.